When discussing malware, we tend to focus on the technical aspect of how a specific Trojan operates on an infected system. The processes executed by a malware variant, ranging from how it latches onto an infected device to how it manipulates the user into providing it with credentials, are just a small subset of the cybercrime ecosystem. Roughly eight years ago, a single operator would be in charge of everything from coding the malware to distributing it, including setting up command-and-control (C&C) servers, identifying infection points, working with money mules and more. Today, the whole process, or at least each individual element, can be easily outsourced.

Underground cybercrime forums offer professionals and amateurs alike a wide array of tools and services with varying prices and support levels. Some tools, such as malware samples, can be downloaded for free, while other elements of the fraud chain, such as cashing out via a mule account, come at a high cost because the resources involved are scarce. Almost any form of online fraud requires more than just one tool: whether the scheme is phishing, ransomware or financial crimeware, it needs hosting sites, C&C servers and/or a cash-out methodology. Some underground services are now also sold as cloud services, offering easy access and added security for the criminal operator.

The underground market is showing no signs of slowing down, but rather of adaptation to industry trends. Even services and tools described in the infographic above can be broken down and sold separately. For example, HTML injections, specific scripts, configuration services and more can all be purchased separately when designing the malware of choice. It is also worth noting that cybercriminals are not only discussing and selling financial fraud tools, but also advanced targeting tools and RATs, health care and insurance fraud tools and services and much more.

The current cybercrime ecosystem makes a wealth of options available to cybercriminals. Unfortunately, that drastically increases the scope and complexity of schemes that could target an organization. Thorough prevention and detection systems are needed to avoid these security problems, but they must be fortified with tools such as fraud protection for a comprehensive defense.

Read the white paper: The thriving malware industry – Cybercrime made easy

More from Advanced Threats

Black Hat 2022 Sneak Peek: How to Build a Threat Hunting Program

You may recall my previous blog post about how our X-Force veteran threat hunter Neil Wyler (a.k.a “Grifter”) discovered nation-state attackers exfiltrating unencrypted, personally identifiable information (PII) from a company’s network, unbeknownst to the security team. The post highlighted why threat hunting should be a baseline activity in any environment. Before you can embark on a threat hunting exercise, however, it’s important to understand how to build, implement and mature a repeatable, internal threat hunting program. What are the components…

Top-Ranking Banking Trojan Ramnit Out to Steal Payment Card Data

Shopping online is an increasingly popular endeavor, and it has accelerated since the COVID-19 pandemic. Online sales during the 2021 holiday season rose nearly 9% to a record $204.5 billion. Mastercard says that shopping jumped 8.5% this year compared to 2020 and 61.4% compared to pre-pandemic levels. Cyber criminals are not missing this trend. The Ramnit Trojan, in particular, is out for a shopping spree that’s designed to take over people’s online accounts and steal their payment card data. IBM…

Detections That Can Help You Identify Ransomware

One of the benefits of being part of a global research-driven incident response firm like X-Force Incidence Response (IR) is that the team has the ability to take a step back and analyze incidents, identifying trends and commonalities that span geographies, industries and affiliations. Leveraging that access and knowledge against the ransomware threat has revealed tools, techniques and procedures that can often be detected through the default Windows event logs (WELs). In particular, the X-Force IR team has identified several…

How to Report Scam Calls and Phishing Attacks

With incidents such as the Colonial Pipeline infection and the Kaseya supply chain attack making so many headlines these days, it can be easy to forget that malicious actors are still preying on individual users. They're not using ransomware to do that so much anymore, though. Not since the rise of big game hunting, anyway. This term marks ransomware actors' shift away from attacks against individual users and towards operations targeting large enterprises, noted CNBC. But attacks like phishing and…